ALT-BU-2025-3581-2
Branch sisyphus update bulletin.
Closed bugs
Во время установки образа при переходе в tty сообщение: "mkdir: cannot create directory `/root/.kbd': File exists"
Package fluent-bit updated to version 3.2.7-alt1 for branch sisyphus in task 376166.
Closed vulnerabilities
BDU:2025-02023
Уязвимость плагина Prometheus Remote Write инструмента для сбора и обработки логов Fluent Bit, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-22
CVE-2024-50608
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
Modified: 2025-04-22
CVE-2024-50609
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
Package docs-alt-education updated to version 10.4-alt4 for branch sisyphus in task 376200.
Closed bugs
Документация docs-alt-education - гл. 66: исправить пунктуацию
Package docs-alt-server updated to version 10.4-alt6 for branch sisyphus in task 376201.
Closed bugs
Опечатка в главе 42.4.2. Правила по VID&PID документации docs-alt-server
Package docs-alt-server-v updated to version 10.4-alt5 for branch sisyphus in task 376202.
Closed bugs
Документация docs-alt-server-v, п.39.4.14. CephFS: опечатка в примечании
Документация docs-alt-server-v, п. 39.5. FC/iSCSI SAN: опечатка в предложении
Документация docs-alt-server-v, п. 43.5. Доступ к LXC контейнеру: дополнить командой в предупреждении
Документация docs-alt-server-v, Глава 44. Миграция ВМ и контейнеров: ошибки пунктуации
Документация docs-alt-server-v, п. 51.4. Двухфакторная аутентификация: ошибки пунктуации
Глава "39.6.3.2. Удаление монитора": необходимо внести правки в пример команды
Глава "39.6.4.2. Удаление менеджера": внести правки в пример команды
Проблемы с пунктуацией в главе "39.6.7. Ceph CRUSH и классы устройств"